XSF Discussion - 2017-10-14

Can a client respond with an internal-server-error if something internal goes wrong when handling a request? The "server" part makes me unsure.

Heh

Do you have a specific case in mind?

or is this just a "is it possible"?

Im currently coding a client for fun and I have a situation where something internal may fail and I'm wondering what to respond in that case. To make it more specific: Before I send a stanza as response I validate it using the XML schema files and some additional logic. What do I do if the validation fails? I have to anwser something to iq request..

Now that I think about it, maybe I should only validate incoming stanzas and not outgoing ones. The receiving entity can't expect valid stanzas anyway and has to validate itself.

I just thought it would be cool to make sure what I'm sending is valid.

Isn't that bad-request?

Oh, sorry, I see what you're saying

Maybe undefined-condition with a custom error would be appropriate here

There's not much the remote party can do about it in any case

Hmm the undefined-condition should be used in application-specific cases

I mean, should is not must but it does not feel clean either

I think I'll use my internal validation to display warnings/errors and send the invalid stanza anyway. At least this way finding and debugging invalid stanzas is easy.

Syndace, whatever you do, it's often a good idea to include a human readable english text into the error response which provides more information about what whent wrong. But only if that information does not cause some sort of security leak

Flow, most of the errors are self explanatory, aren't they? Often the XEPs define semantics for error conditions. I like to avoid decisions that might cause security leaks.

Syndace, In my experience it's quite the opposite. For example internal-server-error: It's often usefull to know the cause of the error

Why does the client have to know which internal server error occured?

Nevermind, there are probably cases where additional info makes a lot of sense. I'll overthink which of my generated errors could benifit from additional info.

Syndace, so that it can report the error condition back to the server operator

The server operator should really log internal errors himself..

and he will very likely do that

Syndace: sometimes a user sees an error and don't bother support, because the error is temporary, for example, database failure

jonasw, in your last email to the XHTML-IM thread, I fail to see how having a protocol break from xml to xml would fix OP's issue. I'd like to keep XML as well but if you do that you're still open to the same vulnerabilities

pep., yes, I’m not convinced that XML helps, which is what I wrote I think?

let me reread

actually I’m even posting an example of how this might be exploited

yeah, I probably should’ve added something like "I *think* that […], but I’m not convinced that clients will do the right thing by default, which is why we’re trying to get rid ofXHTML-IM in the first place." will clarify on-list

:)

But,

hmm, yes

yeah, saying "We are now using this NS instead" won'T fix the problem of people not validating

So if people want a change, XML is a no-no

And so is markdown because some implementation (most?) accept html

markdown is out even if only because it’s not extensible

Right

But I would go further and say, for XML, it's a no-no for web clients at all.

Because people are putting stuff everywhere without validating and that creates vulnerabilities :)

Not just in <body>

Even if it's the most obvious

pep.: that is issue with client dev, validating untrusted input is the first thing to learn when you do web dev (even not web actually)

pep.: (disclaimer: I'm not claming that my web software are failproof, security issue can and will happen to most software)

goffi, yeah, look at my last email on the list

Can't have nice things!

I should have put something like "unlike OP suggests" at the end of that sentence

jonasw: thanks for your last message, I kind of feel alone when I don't even understand while people are still talking about markdown after the debate we had.

s/while/why/

I’m assuming some good faith (i.e. too long other thread and people didn’t read)

it's possible, I've had the same thing during OMEMO flamewar, hard to follow when you arrive after the battle.

I kinda wanna pin the entire xhtml-im problem on whoever invented .innerHTML

Zash, .innerHTML isn’t the issue with XHTML-IM

XHTML-IM breaks not only if you use .innerHTML, it also breaks if you use appendChild

Blame the web!

Mardown in XMPP, seriously ?!

i'm not against Markdown, but looks like we are trying to solve a problem by changing it

No, Markdown being defined as a superset of HTML rules it out

dwd gave a proper definition of what he thinks should be markdown for IM.

more or less proper.

I’m tired of asking how to emphasize "Trainer*Innen" with that though.

\bold{Trainer*Innen}

uhhh

TeX in IM

one of the problem is that people always thing about their own use case

that’s execellent

it’s even turing complete!

(I don't actually know TeX, wild guess)

it’d be \emph{} or \textbf{}, depending on whether you want emphasis (italics) or actual boldface

Is this Creole? http://www.wikicreole.org/wiki/Creole1.0

XMPP message can also be "normal" with a subject and potentially long, not necessarily a line in a MUC/MIX, and embedded images can be useful there (think about email gateway)

goffi, agreed

Zash, yes

I'll take a break on standard@ for tonight, I have written enough there today :)

Ok, me, a naive web developer does a simple string replace and puts the result as .innerHTML

You are doing a simple string replace? That's naive web developer lvl3

I append my HTML like I append my variables in my SQL requests, using concatenation

why we don't use mirc colors in <body>? Looks like a good idea (as good as using markdown)

goffi, those use control codes in the 0x00..0x1f range right? you can’t send those over XML

jonasw: easy, we just have to add \uxxxx

we can even use ANSI escape code like this, will be great

goffi, Note that I'm explicitly suggesting we *keep* XHTML embedding, but just avoid it being the go-to way of adding bold and italics in IM messages.

dwd, I’m not convinced that this is a good thing.

this just introduces fragmentation we can avoid.

Is it bold and italics and other *styling* people want?

jonasw, I don't really want to specify a whole new document definition.

If so, bringing back <font> could work

dwd, why not?

Zash, For IM, you mean? I think people want emphasis (mostly just *bold*) and preformat is handy, mostly because code-like stuff is about the only time you use * and / in IMs.

XFONT-IM, you get <font> with a bunch of attributes that map roughtyl to CSS properties

dwd, as I said. Trainer*Innen is a legit german word

dwd: for <message> ? I didn't got that, I though you were suggesting the separate XHTML XEP (which is a good idea) only for blogging

~$ pandoc <<< '*Trainer*Innen*' <p><em>Trainer</em>Innen*</p>

Palm -> face

but sorry, movie time, will read updates later

jonasw: You type ^B Trainer*Innen ^B in your client. The client translates the input into protocol and sends it.

Or click the [B] button

Zash, sure, but if the protocol doesn’t support it, because it’s mardown?

~$ pandoc -f html -t markdown <<< '<b>Trainer*Innen</b>' **Trainer\*Innen**

nice

at this point we can simply use a proper format, because nobody will learn that syntax for themselves.

jonasw: Either (a) you can't. (b) We define bold toggle as being on a word break. (c) We use doubled asterisks as an escape.

dwd, see above

"you can’t" is a terrible answer

dwd: Should we really demand end-users learn some syntax?

"bold toggle on word breaks" moves the "you can’t" answer to other cases

"doubled asterisks as an escape", see what Zash says

No, it's not. You also cannot embed images. This is OK. There are lots of edge cases. Imagine how many there's going to be on a complete document markup language.

~$ pandoc <<< '**Trainer*Innen**' <p>**Trainer*Innen**</p>

dwd, of course. which is why I suggest to have a language we can easily extend instead of some markdown-ish markup.

that easily allows us to take care of edge-cases and new use-cases later

without breaking everything again

Don't forget S̶t̶r̶i̶k̶e̶ t̶h̶r̶o̶u̶g̶h̶

lol, guys, you will never come to agreement :)

I see. Then there can only ever be conflict between us.

i shall refrain from suggesting to use docbook markup

remko, how about groff?

I actually went to look through a bunch of existing XML formats yesterday

There's a bunch

for the subset that i think we want (bold, italic, code), i don't think it matters really.

remko, depends on who "we" includes, "bold, italic, code" doesn’t cut it.

'we' => '99% of the use cases' ;-)

But I'm not sure any XML format will make it difficult enough to do the wrong thing

Zash, I can see people not sanitising attributes and simply changing local names, unfortunately.

Yup

jonasw: looking at all the IM clients out there, bold, italic, and underline are the only thing they seem to support. I haven't heard people complaining about this limitation.

Don't forget iChat users with colors

it'll boil down to whether we want a structured format or a non-structured format. Personally, I'm torn. I used to lean one way, but am now leaning the other.

remko, you haven’t heard me then ;-)

remko, at least there’s also blockquote

jonasw: I like blockquote. But there is a case to be made that this should be replaced by a snippet payload.

remko: semantics vs style, xml vs not xml, structured vs not

Any more considerations?

Zash: Messages doesn't even support markup i just noticed.

remko, and how’d you encode those in snippets?

do we want full-blown HTML snippets, with all the vulnerabilities that has?

nope. Just <pre>.

do you confuse blockquote with code?

i.e. a snippet is just rendered as a <pre>, no markup.

https://d2k1ftgv7pobq7.cloudfront.net/meta/u/res/images/db8a72d486e14d6fe249b6a80962b69b/slack-webdesign-cropped.jpg

jonasw: i did confuse both

here’s one example of inline images, links, something like headings in an IM client

jonasw: Isn't that more like a referece?

jonasw: for blockquote, the question is whether this is really a part of the message or not. Could be a reference to something that you happen to render this way.

Zash, sure, it should be a reference in addition, and ideally the markup should reference the reference to make things super-clear

but having every client support every type of reference isn’t a good idea I think

jonasw: {xep attaching} maybe?

jonasw: XEP-0367: Message Attaching (Standards Track, Deferred, 2017-09-11) See: https://xmpp.org/extensions/xep-0367.html

wouldn’t it make more sense to have references in addition rather than instead of content?

i don't think the bulk of 'modern' (non-XMPP) IM clients out there put images and links in their messages. They use autolinking and unicode replacement object, and attach the immage as an external object.

the issue with XHTML-IM are also things like images

remko, sure, you need to mark up where the image goes though

Do modern messagers even do actual in-line images?

jonasw: hence the unicode replacement object

which is again some kind of markup

As opposed to messages that consist only of an image

Zash: i wonder about that. I have seen them use the unicode replacement object, but am not sure if they actually use it for placement.

(talking about Messages concretely)

if you look in the Messages DB, i see messages that came with an image as { "text": "\uFFFC Hi there", "attachments": [ { "image": "..."}]} (or some sorts)

but as i said, i'm not sure if they actually use this, or just always render the image at the front/back of the message.

remko, that looks like something which grew historically because they don’t have proper markup.

might be

in any case, i would rather not have any markup for images than <img> tags.

what’s wrong wtih <img/> tags or their equivalent in any other markup?

it's a slippery slope to too complex document. It's also ambiguous how text should flow around this stuff etc. If you don't allow it, it's less ambiguous

just render is at a separate image. That's also how people feel IM should work i think.

remko: Like a separate type of message box?

yes

I think there’s a lot of value for that type of rich messages.

Yeah I think most things I've seen do that

possibly not images, but other semantic markup

jonasw: i'm not saying there's no use case in XMPP for rich messages with full document markup. IM is just not one IMO.

talking about IM.

not necessarily human-generated messages though

those should perhaps be a different thing then.

why make it a different thing?

slack also distinguishes between bot messages and human-written messages.

you can't do anything beyond bold, italic, and underline as a person.

but why does the transport need to be different?

sharing the transport format for whatever markup we’re doing leads to better interoperability

https://xmpp.org/extensions/inbox/content-types.html

oh god

type='text/xml'

I’m in pain now.

haven't read the XEP, but saw that pass the mailing list. That sounded like pandora's box to me :)

that specific implementation feels bad

and I’m still not convinced that it’s a good thing to have in any case. This will fragment implementations.

I think someone (could be me) suggested <body>markdown markup here</body><body-content type='markdown'/>

Zash: that's exactly Example 1 from the ProtoXEP

<message from='person1@example.org/34892374' to='person2@example.org/938089023' type='chat'> <body>**Note:** This message is very important.</body> <content type='text/markdown' xmlns='urn:xmpp:content'/> </message>

zinid: ah, must have scrolled past that

zinid, yes, but an empty <content/> has a different meaning than a <content> with text content, which is super awkward.

jonasw: yep, I don't think we need this crap

I actually think it's awkward with <body/><xhtml-im/>

still, it's unclear what should a client render if it doesn't support the content type?

in the case of markdown it's obvious, but with another formats/

?

zinid: if you do this only with formats that are still readable when treated as plain text, it's probably fine

Zash: yes

You probably also wanna have explicit features for formats you understand

feature discovery doesn’t work in modern IM though.

As in, disco#info features and the whole caps dance

Oh right, we're moving away from the end-to-end thing :/

let the server handle translation to the different markup types understood by the client!

Ohgod

jonasw: OMEMO guys will not approve :D

zinid, right

feature discovery won't help in MUCs

that, too

or MIXes

or when you switch client and fetch stuff from MAM

or if you use carbons

or ...

yes, so, that’s not really gonna work.

Can we even do things at all then?

sure

like we’ve been doing it with <xhtml-im/>

multipart/alternative basically

yupp

Do everything at once and let the recipient do what they want :)

do I understand correctly: the only concern about xhtml-im is security issues?

zinid, the "only", yes

for me at least.

no, i don't think that's true

That's why SamWhited wants it dead, no?

that's what initially triggered the discussion, yes. And it's important, because xhtml-im is very hard to sanitize.

It's too easy to just stick the incoming XML tree into a browser DOM

but i think other people don't want XHTML-IM, because it's very unpredictable to render in a chat log.

can we provide testing vectors?

User studies needed

I hadn't actually considered the difference between text style and layout before, it was just security for me at first, but now I agree that we need something that's purely style, not layout.

SamWhited, I think we need something for semantics, not for style.

(neither for layout by the way)

I actually think normal people will want style rather than semantics

semantics for things that don't need layout :)

emphasis, blockquote, strong emphasis, lists and enumerations, and code at the very least.

yes, zash is right

jonasw: yes, that's fair, I think I agree with that. I can imagine certain clients render "emphasis" as italics and other bold or something similar.

SamWhited, that, and also accessibility tools

like screen readers

they benefit a lot from semantics.

i actually agree with Zash, people don't care about semantics in IM, they care about style.

Yes, I think for the most part you'll find they're the same for anything simple though.

Zash, they think they want style, but they actually want semantics.

they want something to be bold, not 'emphasized'

jonasw: That's probably true.

remko, they want something to be bold to emphasize it

they don’t think in terms of semantics, but that’s what they want

different people have different interpretations of emphasis.

if i want something emphasized, i don't want it in italic (even though that's the standard way to emphasize things)

remko, you’re free to chose strong emphasis then, people make that kind of mistakes all the time.

it’s still emphasis, and that’s the meaning which is wanted to be conveyed and which is conveyed

Although, if I'm a client author I'm going to put a "Bold" button, not an "Emphasis" button and it would be confusing if on one of my other clients the "Bold" button turns out to be italics.

SamWhited, when you’re saying "purely style", I’m afraid that use-cases like enumerations are excluded though.

SamWhited: exactly

SamWhited, yes of course you wouldn’t label it emphasis ;-). and it should be made clear which defaults apply for the two kinds of emphasis people have (render weak -> italic, strong -> bold; people will choose strong in 99.9% of the cases, that doesn’t matter)

yah, nevermind, I juts changed my mind again. Conveying semantics might be nice in some cases, but all I want is the most dead simple thing we can do.

will all due respect, I wonder whether you might maybe want to consider not only what you want ;-)

jonasw: so you're saying that you're offering a bold and italic button, but insist they're using semantics? It has to render the same way on the other side, so i don't think it's semantics anymore.

I just gave you the reason why client developers want it.

(probably)

SamWhited, as a client developer, I want to have one markup which covers all things my users are likely to encounter. This includes more complex messages (possibly generated by automated systems, similar to slack integrations or something). And I don’t want to have to support three different tiers of markdown dialects to achieve that.

I may not offer my users the tools to create, e.g., a three-level nested enumerated list in the interface, because this ain’t a word processor.

People can't use a comma?

Wait, what? Who said anything about multiple tiers of markdown dialects?

Zash, context?

jonasw: lists

SamWhited, that’s what happens if we go down the route of "we’ll start with some simple text-based markup and oops, then we’ll find out two years later that we also need something to do lists or whatever, so let’s bump the namespace"

Zash, bullet points, if you will

Zash: lists are easier to read I guess

much easier

Do peopel use this when talking?

I do sometimes

Zash, I do ;-). but also, "possibly generated by automated systems"

I think that: 1. That's probably not a problem 2. It already works fine

Zash: for example to tell my wife what to buy in a shop ;)

I have found a 𝐁𝐎𝐋𝐃 solution!

it works fine until you have multiple lines in a bullet (e.g. due to word-wrap) and then it is unreadable, SamWhited. ✏

I would like to quote a few things from the Zen of Python which have been in my mind during this whole "the new markup for XMPP" discussion: Beautiful is better than ugly. Explicit is better than implicit. Simple is better than complex. Complex is better than complicated. […] In the face of ambiguity, refuse the temptation to guess.

and also, especially since people are now suggesting that they’re creating precedents by implementing things in a wide-spread client: Now is better than never. Although never is often better than *right* now.

dwd: btw, *bold* in markdown isn't bold, but italics :P

(that, too)

SamWhited, I really, really don’t understand what the issue is with creating an extensible, very simple markup or re-using one instead of restricting us to a very small set of things.

I never said there was a problem with it

fair.

I somehow felt you did, but that wasn’t true.

maybe I mixed up an email somewhere and had that lingering thought somewhere, I apologize.

SamWhited: Do you think any XML based format will be too easy to do the wrong thing with?

Zash: I'm not sure, I suspect so, but I have no idea.

Zash: only when you put unescaped cdata into DOM?

XMPP doesn't allow CDATA, no?

Question is, where's the cutoff where people will prefer the right thing?

SamWhited, cdata is any text, actually

SamWhited: well I mean the content of <body/> for example

*unescaped CDATA

SamWhited: You are thinking of <![CDATA[ ]]>?

Whatever that's called

yah, that

Do we disallow it tho?

no, I meant a text within tags in general

I see no other way how to screw up

zinid, I have one: let’s say we have a tag <emph/> for emphasis

we can assume that you can screw up during transforming layout element into DOM, but you can screw up this way with any formats

a client may simply do a translation mapping the emph local name to em for XHTML.

Also wtf unicode has all sorts of 𝗯𝗼𝗹𝗱 𝘁𝗲𝘅𝘁

and then fail to remove attributes such as onclick="alert('fnord')"

jonasw: yes, but you can do the same with other formats, no?

not with non-XML formats

you’d have to actively put attributes in the result

I think non-XML formats may be to easy to just run trough a regex and allow HTML trough

Zash, depends

think: [{"text": "some text", "emphasis": "strong"}, {"text": " and now without emphasis"}] -> '<strong>some text</strong> and now without emphasis'

you can’t regex that in any reasonable way.

anything in ["text"] will have to be htmlescaped, but otherwise it should be safe.

jonasw: other formats can also posses kinda "attributes" and you can also copy their contents into so evil DOM element blindly, no?

(now I officially did it. I proposed a JSON-transport for things.)

zinid, not if none of those attributes reasonably map to any DOM element which is evil

we shouldn’t be needing any attributes at all, I think

except maybe class if we do that palette thing

(okay, href too)

[{"c":[{"c":"bold","t":"Str"}],"t":"Strong"},{"t":"Space"},{"c":"text","t":"Str"}]

but attributes should be rather rare

^ actual JSON "markup" format.

Zash, not sure if that’s some serious markup you found somewhere or if you’re trolli... oh dear

I don’t know what that does

jonasw: pandoc -t json

but does it work?

ah, t is type.

jonasw: It's a JSON dump of the internal parse tree

right

probably not a good choice since probably underspecified

but yeah, that’s the idea

<Strong><Str>bold</Str></Strong><Space/><Str>text</Str>

~$ pandoc -t native <<< '**bold** text' [Para [Strong [Str "bold"],Space,Str "text"]]

jonasw: if we can map attributes reasonably, can't we do the same for xhtml-im? and then forbid unknown attributes/elements

zinid, the difference is that one requires action to fail, the other requires inaction.

I don't understand

of course, XHTML-IM already defines that some attributes are evil and you need to remove them.

that doesn’t magically make developers do that.

Even if they do it, any trivial mistake in the white list logic results in a vulnerability.

XML schema?

zinid, sure, nobody does that.

it requires action to do that

getting developers to take action is what’s tricky

yeah, I know

(if it was only about trivial mistakes, we could provide an audited reference implementation)

(either based on XML schemas or whatever works in JavaScript)

ok, we refuse xhtml-im, then what?

there are 100500 formats and we can invent others

how to choose?

ah, and we need to make sure there are no potential vulnerabilities, hell yeah

regarding markdown: if we don't choose it, then developers will blame us even harder that we don't use "modern" technologies like json or markdown, or rest :)

zinid, I’m all in for a JSON-based markup

for example, I heard "xmpp is dead if they don't switch to json" and seems like people tend to agree with that

I note that PEP examples doesn't include the 'http://jabber.org/protocol/pubsub' feature. Is that supposed to be implied by <identity category='pubsub' type='pep'/>?

And the last version of PEP changed that section from being to=host to to=account and /some/ unnamed implementations still advertise stuff on the host

Why hasn't anyone taken my bbcode suggestion seriously?

On an actual serious note, there are markdown standards, we could just pick one

http://commonmark.org/ is the best I know of